Threat actors associated with the Qilin ransomware operation infiltrated Asahi’s Japan network through compromised equipment, exfiltrated personal and business data affecting roughly 1.5–2 million customers, employees, and related contacts, and deployed ransomware that encrypted multiple servers and PCs, causing widespread operational shutdowns and significant service disruption across Japan.

The OSINT reports that threat actors deploying Qilin ransomware are using a previously undocumented Windows malware packer, TangleCrypt, to hide and launch the STONESTOP EDR-killer with the ABYSSWORKER driver, using multi-layered encoding and flexible injection techniques but with implementation flaws that can cause crashes and reduce reliability.